<?php 
/*********************************************************
This file provides a list of available MO batches to send
to the bank blinded
*********************************************************/

/*********************************************************
includes
*********************************************************/
require_once 'config.inc';
require_once '_common.inc';
require_once '_customer.inc';
require_once '_db.inc';
require_once '_rsa.inc';
require_once '_ui.inc';

/*********************************************************
set the correct time zone to eliminate warnings in debug
date_default_timezone_set('America/New_York');

$script_tz = date_default_timezone_get();

if (strcmp($script_tz, ini_get('date.timezone'))){
    echo 'Script timezone differs from ini-set timezone.';
}
*********************************************************/


$us_id_str = $_POST["ids"];

$us_id = explode(":",$us_id_str);

$us = $us_id[0];

for($i = 1; $i < sizeof($us_id); $i++)
	$id_string[($i-1)] = $us_id[$i]; 

?>
<HTML>

<HEAD>
	<title>Verify Money Order ID Strings</title>
</HEAD>



<?php
ui_print_header('Second Merchant - Verify Money Order ID Strings');


	
echo "Retrieving saved hashes from merchant's database...<BR><BR>";
	
/*********************************************************
connect to db
*********************************************************/
$conn = db_connect(MERCHANT_DB_USER, MERCHANT_DB_PASSWORD);

/*********************************************************
get available mo batches for merchant
*********************************************************/

$sql = "select l_id_string as l, r_id_string as r, selector_string from mo_detail_merchantb
		join mo_idstrings_committed_mb on (mo_detail_merchantb.uniqueness_string = mo_idstrings_committed_mb.uniqueness_string)
		where mo_idstrings_committed_mb.uniqueness_string = '" . $us . "' and verified = 0 and deposited = 0 order by idstring_n";

$idh_db = db_do_query($conn, $sql);

/*********************************************************
close db connection
*********************************************************/
oci_close($conn);

for($i = 0; $i < sizeof($idh_db); $i++){
	$id_hash[$i][0] = $idh_db[$i][L];
	$id_hash[$i][1] = $idh_db[$i][R];
}

$ss = str_split($idh_db[0][SELECTOR_STRING]);

echo "Comparing Customer's ID Strings with hashes...<BR><BR>";


if(sizeof($id_string) != sizeof($id_hash)){
	echo "<BR><b><i>ERROR: Number of Strings not equal to number of Hashes!</i></b><BR><BR>";
	
	//Deleting money order
	
	echo "Deleting invalid money order from merchant's database...<BR><BR>";
	
	$conn = db_connect(MERCHANT_DB_USER, MERCHANT_DB_PASSWORD);

	$sql = "delete from mo_idstrings_committed_mb where uniqueness_string = '" . $us . "'"; 
	
	$stmt = oci_parse($conn, $sql);
	oci_execute($stmt);
	
	
	$sql = "delete from mo_idstrings_merchantb where uniqueness_string = '" . $us . "'"; 
	
	$stmt = oci_parse($conn, $sql);
	oci_execute($stmt);
	
	$sql = "delete from mo_detail_merchantb where uniqueness_string = '" . $us . "'"; 
	
	$stmt = oci_parse($conn, $sql);
	oci_execute($stmt);
	
	oci_close($conn);
	
	echo "Exiting...<BR>";
	
	die;
}

$valid = true;

for($i = 0; $i < sizeof($id_hash); $i++){

	if(strcmp(md5($id_string[$i]),$id_hash[$i][$ss[$i]]) != 0){
		$valid = false;
		echo "<BR><b><i>ERROR: ID string #" . $i ." doesn't match its Hash!</i></b><BR><BR>";
	}
}

if($valid){
	echo "<BR><b><i>All ID strings and hashes appear to be valid.</i></b><BR><BR>";
}else{
	echo "<BR><b><i>COULD NOT VALIDATE ID STRINGS AND HASHES OF MONEY ORDER!!!!   THIS ERROR HAS BEEN REPORTED!!!</i></b><BR><BR><BR>";
	
	
	//Deleting money order
	
	echo "Deleting money order from merchant's database...<BR><BR>";
	
	$conn = db_connect(MERCHANT_DB_USER, MERCHANT_DB_PASSWORD);

	$sql = "delete from mo_idstrings_committed_mb where uniqueness_string = '" . $us . "'"; 
	
	$stmt = oci_parse($conn, $sql);
	oci_execute($stmt);
	
	
	$sql = "delete from mo_idstrings_merchantb where uniqueness_string = '" . $us . "'"; 
	
	$stmt = oci_parse($conn, $sql);
	oci_execute($stmt);
	
	$sql = "delete from mo_detail_merchantb where uniqueness_string = '" . $us . "'"; 
	
	$stmt = oci_parse($conn, $sql);
	oci_execute($stmt);
	
	oci_close($conn);
	
	echo "Exiting...<BR>";
	
	die;
}

?>
<FORM action="4RC_5_MerchantAcceptMO.php" method="post">
<?php  echo '<input type="hidden" name="us_id" size="10" value="' . $us_id_str . '"/>';?>
		<input type="submit" value="Accept Money Order">
		</TD>
		</TR>
	</TABLE>
</FORM>
<?php 

ui_print_footer(date('Y-m-d H:i:s'));
?>

</BODY></HTML>